Id rule is the time in milliseconds. I have a problem, which is that the agent is not recognized. I sent an email to the group yesterday, but there is someone who help me
> Date: Mon, 2 May 2011 01:57:14 -0700
> Subject: [ossec-list] src_ip in alert table in MySQL database
> From: [email protected]
> To: [email protected]
>
> Hi,
>
> Just started using ossec and it's great for my needs, monitoring
> OpenVZ containers.
>
> I've set up alerting to a MySQL database and that's working OK. In the
> 'alert' table though there is a field called src_ip and I'm not sure
> what number is being logged here? It's not an IP address and I can't
> see that it's a lookup reference to another table.
>
> select * from alert limit 10;
> +----+-----------+---------+------------+-------------+------------+--------+----------+----------+
> | id | server_id | rule_id | timestamp  | location_id | src_ip     | dst_ip | src_port | dst_port |
> +----+-----------+---------+------------+-------------+------------+--------+----------+----------+
> |  3 |         1 |    5706 | 1304272050 |           3 | 1159222217 | NULL   | NULL     | NULL     |
> |  4 |         1 |   31101 | 1304272174 |           4 | 1372152755 | NULL   | NULL     | NULL     |
>
> Am I missing something obvious?
>
> Thanks, Matt
